Getting an authorization error while peering 2 virtual networks in same directory

Sanket Soni 0 Reputation points
2024-01-18T06:54:38.8666667+00:00

I have registered 1 app and created a clientId and clientSecret and am trying to peer 2 virtual networks from C# code. I tried with DefaultCredentials and it works fine and I am able to peer the 2 VNets:

    TokenCredential cred = new DefaultAzureCredential(new DefaultAzureCredentialOptions() { TenantId = {tenantId} });

but when I try with clientId and clientSecret then I get the below error:

    The client 'c5be8621-24f3-4e1a-be9f-76ec8427c0ca' with object id 'c5be8621-24f3-4e1a-be9f-76ec8427c0ca' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write' over scope '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/virtualNetworkPeerings/{virtualNetworkPeeringName}' or the scope is invalid. If access was recently granted, please refresh your credentials.

    TokenCredential cred = new ClientSecretCredential({tenantId}, {clientId}, {clientSecret});

My user role is "Network Contributor".


GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
2024-02-01T12:50:02.0666667+00:00

Hello @Sanket Soni,

I understand that you are getting an authorization error when trying to peer 2 virtual networks in the same directory.

Are both the VNets in the same subscription or in different subscriptions under the same AD tenant?

You mentioned that you tried with DefaultCredentials and it works fine and you were able to peer the VNets, but when you try with clientId and clientSecret, you are getting an error. And the error says that the client does not have authorization. So, I would request you to check the permissions for that client ID.

Kindly look for the application/SPN name with client ID 'c5be8621-24f3-4e1a-be9f-76ec8427c0ca'.

Navigate to the subscription > Choose the subscription > Add Role assignment > Select role "Network Contributor" for the 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write' permission > assign to the application SPN.

Refer: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues#the-virtual-networks-are-in-different-subscriptions-or-active-directory-tenants

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal#permissions

Kindly let us know if the above helps or you need further assistance on this issue.

Please don't forget to "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
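The exchange above, carried through as an added C# example that is not code from the question or the answer: it builds the ClientSecretCredential path the question uses, creates the peering in both directions with the Azure.ResourceManager.Network SDK, and maps the AuthorizationFailed response from the question to the fix the answer describes (a Network Contributor assignment to the service principal, not to the signed-in user, at a scope covering both VNets). The object id in the error is the service principal's, which is why the user's own Network Contributor role does not apply. Package names (Azure.Identity, Azure.ResourceManager, Azure.ResourceManager.Network), the environment-variable names and the resource names are assumptions chosen for this example.

```csharp
// Added example, not the question's or the answer's code. Assumes the NuGet
// packages Azure.Identity, Azure.ResourceManager and Azure.ResourceManager.Network.
// Tenant/client/subscription ids and the secret are read from environment
// variables (names chosen here); resource names are constructed placeholders.
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Resources;

class PeerVNets
{
    static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Set {name} before running.");

    static async Task<int> Main()
    {
        string tenantId       = Require("AZURE_TENANT_ID");
        string clientId       = Require("AZURE_CLIENT_ID");
        string clientSecret   = Require("AZURE_CLIENT_SECRET");   // never hard-code this
        string subscriptionId = Require("AZURE_SUBSCRIPTION_ID");
        string rgName = "rg-example";   // constructed placeholder
        string vnetA  = "vnet-a";       // constructed placeholder
        string vnetB  = "vnet-b";       // constructed placeholder

        // Same credential shape as in the question: the token is issued to the
        // app's service principal, so RBAC is evaluated against that principal.
        TokenCredential cred = new ClientSecretCredential(tenantId, clientId, clientSecret);
        var client = new ArmClient(cred, subscriptionId);

        SubscriptionResource sub = await client.GetDefaultSubscriptionAsync();
        ResourceGroupResource rg = await sub.GetResourceGroups().GetAsync(rgName);
        VirtualNetworkResource a = await rg.GetVirtualNetworks().GetAsync(vnetA);
        VirtualNetworkResource b = await rg.GetVirtualNetworks().GetAsync(vnetB);

        try
        {
            // Peering is directional: a link is written on each VNet, and each
            // write requires .../virtualNetworkPeerings/write on that VNet's scope.
            await CreatePeeringAsync(a, b, $"{vnetA}-to-{vnetB}");
            await CreatePeeringAsync(b, a, $"{vnetB}-to-{vnetA}");
            Console.WriteLine("Peering created in both directions.");
            return 0;
        }
        catch (RequestFailedException ex)
            when (ex.Status == 403 && ex.ErrorCode == "AuthorizationFailed")
        {
            // The response from the question. The principal named in the message is
            // the app's service principal; assigning Network Contributor to the app at
            // the subscription (or resource group) covers both VNets in one assignment.
            Console.Error.WriteLine($"Service principal {clientId} lacks the required role:");
            Console.Error.WriteLine(ex.Message);
            Console.Error.WriteLine(
                $"Assign 'Network Contributor' to app {clientId} at scope " +
                $"/subscriptions/{subscriptionId} (or the resource group), then retry.");
            return 1;
        }
    }

    // Writes one directional peering from `local` to `remote`.
    static async Task CreatePeeringAsync(VirtualNetworkResource local,
                                         VirtualNetworkResource remote,
                                         string peeringName)
    {
        var data = new VirtualNetworkPeeringData
        {
            RemoteVirtualNetworkId    = remote.Id,
            AllowVirtualNetworkAccess = true,
            AllowForwardedTraffic     = false, // keep off unless transit is actually needed
            AllowGatewayTransit       = false,
            UseRemoteGateways         = false,
        };
        await local.GetVirtualNetworkPeerings()
                   .CreateOrUpdateAsync(WaitUntil.Completed, peeringName, data);
    }
}
```

Run it once before and once after the role assignment from the answer: the first run exits with the AuthorizationFailed message and the suggested scope, the second creates both peering links. Keeping the forwarded-traffic and gateway flags off is the least-privilege default; turn them on only when the design needs transit through the peer.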

